Samsung’s mobile payments acquisition LoopPay breached by hackers

A report on Wednesday revealed that LoopPay, the U.S.-created mobile payment system acquired by Samsung in February, was the target of a hacker attack in March.

But the most interesting wrinkle in the story is the fact that the hackers who executed the attack on the South Korea-based company appear to be from China, thus framing the incident as a case of international, possibly corporate, espionage, rather than just another hack.

Details of the hacking attack surfaced in a New York Timesreport, which claims that the Chinese hacker group the Codoso Group had breached the LoopPay computer network. The breach was discovered in August, giving the hackers a full five months access to the network.

However, Samsung, which is using the LoopPay technology to roll out Samsung Pay, a would-be Apple Pay competitor, claims that the breach did not extend to Samsung’s own computer network.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” Darlene Cedres, Samsung’s chief privacy officer, told Mashable in an emailed statement.

“This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network from Samsung Pay. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay. Samsung is extremely committed to securing and protecting user data to the highest industry standards.”

According to Samsung, no personal payment information was ever at risk. Instead, it appears the hackers were after details on LoopPay’s magnetic secure transmission (MST) technology. Samsung is using MST in conjunction with its wireless NFC technology to allow mobile payments on older systems that rely on older magnetic stripe card-style payment systems.

Another notably unique detail in the Times report is the fact that LoopPay has not alerted law enforcement officials to the breach, reportedly due to the fact that no financial or consumer data was stolen.

In addition to the statement obtained by Mashable, Samsung also published a blog post reaffirming the safety of the Samsung Pay system.

“As soon as the incident was discovered, LoopPay followed their standard incident response procedures and acted immediately and comprehensively. LoopPay brought in two independent professional security teams,” reads the blog post. “Again, Samsung, Samsung Pay, and Samsung users were not affected.”

Leave a Comment

Rainmaker Labs is Asia Pacific’s leading mobile consultancy and enterprise mobile app developer. We help transform the business and operations of the world’s leading enterprises with mobile.

Testimonials

Our partnership with Rainmaker Labs spanned a period of 2 and a half years and it was an amazing experience working with a team that fully understood how to bring a mobile first project from ideation to initial deployment to on-going iterations. Andrew has done an amazing job in managing the complexities of a large team of developers & project managers to bring this key project to reality.

Rainmaker Labs has provided exceptional support with regards to mobile app development of our product! We are now in our 6th iteration in 36 months of our partnership and I am still impressed by their professionalism & best in class delivery. Thank you Alex, Andrew, Haw Shyang and Rainmaker Labs team!

I'm still amazed at the quality of work of the Rainmaker Labs team. The interaction was smooth, the work was fast, and the result was very professional. The Rainmaker team's in-depth knowledge of how to bring a mobile first product to market is simply yards beyond other mobile players. Alex, Neo & Andrew..continue with this good work. You guys are really good at what you do.